manualshive.com logo in svg

SMC Networks BARRICADE SMC7301TA, User Manual

Share
Download
SMC Networks BARRICADE SMC7301TA User Manual Download Page 49

49

Chapter 6 Packet Filtering

Configuration

        This chapter covers IP packet filtering configuration of the SMC7301TA.

Note:

Packet  filtering  is  a  sophisticated  feature  that  can  substantially  impact

your  SMC7301TA  operation.  Therefore  be  sure that  you  fully  understand  the

descriptions in this chapter before you start to configure and use this feature.

This  is  because  if  you  make  any  mistakes,  it  may  produce  drastic  and

potentially undesired results.

IP Packet Filtering Overview

        The  SMC7301TA  already  provides  you  with  many  different  ways  to

ensure  the  security  of  your  data  in  your  local  environment.  For  example,  the

concept  of  single  IP  address  and  private  networking  means  devices  on  your

network can access the Internet, but not vice versa.  This feature  has proven

to be useful and effective to most users. However, for some users, additional

security requirements may exist, which can be satisfied by this packet filtering

feature.

        Packet filtering is a security feature that allows you to s electively pass or

throw  away  data  traffic  between  your  local  LAN  and  the  wide  area  network

(For example, the Internet). Specifically, it allows you to define:

each  and  every  IP  packet  to  be  inspected  to  determine  if  it  should  be

allowed to be transmitted  over a WAN interface, or alternatively,

each  and  every  IP  packet  to  be  inspected  to  determine  if  it  should  be

disallowed from being transmitted over a WAN interface.

        Due to the conflicting nature of allow and disallow, only one of the above

two choices can  be made for each WAN interface. After the choice is made,

you  can  define  selection  rules  to  “select”  which  packets  will  be  allowed  (or

disallowed).        Each selection rule consists of:

Summary of Contents for BARRICADE SMC7301TA

Page 1: ...1 BARRICADETM ISDN Router SMC7301TA User s Manual ...

Page 2: ...NT BROWSERS FOR SMC7301TA CONFIGURATION 13 Netscape Navigator 4 x 13 Internet Explorer 4 x and 5 x 14 Logging On 14 CUSTOMIZING USER INTERFACE FOR YOUR SPECIFIC NEEDS 15 BASIC INTERNET ACCESS 16 INTERNET ACCESS WITH ADVANCED CONFIGURATION 16 Access to from Remote Site e g Branch Office 16 DIAL IN ACCESS FOR OFF SITE USERS 17 OVERVIEW OF BROADBAND ROUTER MANAGER SCREEN 17 Menu Window 18 Configurati...

Page 3: ...APTER 5 DIAL IN USER ACCESS CONFIGURATION 45 CONFIGURING A DIAL IN USER PROFILE 45 DELETING DIAL IN USER PROFILES 48 CHAPTER 6 PACKET FILTERING CONFIGURATION 49 AN IP PACKET FILTERING OVERVIEW 49 ADDING EDITING DELETING A PACKET RULE 50 CHAPTER 7 MANAGING SMC7301TA 53 HOW TO VIEW THE CONNECTION LOG 53 HOW TO UPGRADE THE SMC7301TA FIRMWARE 54 HOW TO SAVE OR CLEAR CONFIGURATION CHANGES 55 HOW TO RES...

Page 4: ...ork and a remote network For example the Internet or a remote office The SMC7301TA contains an ISDN S T interface a 10Mbps WAN port a 10 100Mbps LAN port and a conso le port for management capability Data comes into the SMC7301TA from the LAN and then is routed to the remote network and vice versa In addition to its capability to route IP traffic the SMC7301TA also acts as a bridge for other netwo...

Page 5: ...odem to the Internet whenever they wan t Alternatively end users can connect via an ISDN connection to the Internet In this situation the SMC7301TA supports bandwidth on demand For example any user s initial intent to access the Internet will trigger a B channel connection to be set up As the traffic builds for example more users try to access the Internet or the same user generates a lot of traff...

Page 6: ...ide area network with the SMC7301TA and allow two or more remote networks to connect to one another and share resources The remote network can use an ISDN router from a different vendor as long as it also supports LAN to LAN communication ISDN Router Your LAN 1 ISDN ISDN Network ISDN ISDN Router Your LAN 2 Security Overview More and more people are concerned about security of their data in this In...

Page 7: ...ollowing illustration shows the rear panel of the SMC7301TA ISDN S T TERMINAL SWITCH WAN LAN CONSOLE AC 7 5V One RJ 45 ISDN port for connection to your ISDN line One RJ 45 10 100 Mbps LAN port for connection to a workstation or to another switch or hub One RJ 45 10 Mbps WAN port for connection to an xDSL cable modem One RS 232 DB 9 port to enable console management capability One 7 5V AC power con...

Page 8: ...e SMC7301TA are dual colored Please note that the third or the forth LED will flash with orange color when collisions occur on the LAN port or on the WAN port The sixth or seventh LED will flash with green color respectively when data is transmitted over the corresponding B channel The following table shows a brief description for each LED LAN Interface WAN ISDN Locatio n 1 2 3 4 5 6 7 8 Functio n...

Page 9: ...N line to the ISDN port S T interface Connect your PC to the RJ 45 LAN port Two or more PCs can be connected via a multi port hub or switch which you can connect to the RJ 45 LAN port of the SMC7301TA Plug the power adapter into a wall outlet and the AC connector on the back of the SMC7301TA The RS 232 port is only used to connect a terminal to run the Command Line Interface using the null modem c...

Page 10: ...tly or through an external hub or switch and have TCP IP installed and configured to obtain an IP address through a DHCP server Directly connect a Windows 95 98 2000 PC to the SMC7301TA If TCP IP is not already installed follow the steps below for its installation Note Any TCP IP capable workstation can be used to communicate with or through the SMC7301TA To configure oth er types of workstations ...

Page 11: ...8 Otherwise select Add to install it now Step 5 In the new Network Component Type window select Protocol Step 6 In the new Select Network Protocol window select Microsoft in the Manufacturers area Step 7 In the Network Protocols area of the same window select TCP IP then click OK You may need your Win95 98 CD to complete the installation ...

Page 12: ...ngs Tab both Client for Microsoft Networks and File and printer sharing for Microsoft Networks should be selected Gateway Tab All fields should be blank DNS Configuration Tab Disable DNS should be selected IP Address Tab Obtain IP address automatically should be selected Step 10 With the SMC7301TA powered on and connected to the LAN reboot the PC After the PC is re booted you should be ready to co...

Page 13: ...d features In the following sections you will be shown how to configure the SMC7301TA for basic Internet acce ss in less than five minutes using the web based Broadband Router Manager Using Different Browsers to Configure the SMC7301TA To configure your SMC7301TA you can use popular browsers such as Netscape 4 x and Internet Explorer 4 x and 5 x The fol lowing describes how to access the Broadband...

Page 14: ...ing on for the first time you should accept the factory default password which is password The password is always displayed as a string of asterisks Clicking the Log On button will begin the Configuration process for the SMC7301TA The next time you log in even if you have modified the password the default password password will still be us ed as the default You need to change it to the correct pas...

Page 15: ...LS Menu on the left side of the screen this will allow you to customize the Broadband Router Manager to suit your own specific needs The selections you make determine what configuration menus and buttons will appear in the screen For example if you select Basic Internet Access only the interface will only display buttons that you need for basic Internet access If you subsequently use Broadband Rou...

Page 16: ...ing the private IP address for example when you intend to create your own private WAN between multiple SMC7301TA routers or adding a public IP address e g when you want to install servers on the LAN which are accessible from the Internet Access to from Remote Site e g Branch Office Select this option if you want to create connec tions to other LAN sites that is users at each site can share resourc...

Page 17: ...have selected the options you want The quantity of selections is not limited but step by step configuration is recommended Overview of Broadband Router Manager Screen Before you begin the configuration process take a moment to look at the Broadband Router Manager screen Look for these areas Menu Window in the left side of the screen Configuration Window in the right upper side of the screen Messag...

Page 18: ...ly the message window will display an appropriate message System Status Monitoring Window This section displays statistics and the status of all interfaces This window is invoked as a separate browser screen from the main Broadband Router Manager browser screen and appears automatically each time you start Broadband Router Manager If you close this window you can always restart it by clicking Syst...

Page 19: ...Xmt Pkts indicates the number of packets th at have been transmitted through the interface Rcv Pkts indicates the number of packets that the interface has received Err Pkts indicates the number of error bad packets that have been received Disconnect if an interface has been selected highlig hted clicking this button will cause the connection to be taken down The LAN interface and the ISDN physical...

Page 20: ...ntication information the local user name and password and possibly the remote site user name and password plus other information that may be required for the communication Basic Internet Access Configuration via WAN This section describes the steps to set configuration for Basic Internet Access via WAN You will find that the SMC7301TA is optimized for Basic Internet Access You don t need to under...

Page 21: ...cision about Obtain IP Address Automatically Available options are via PPP over Ethernet via PPTP via DHCP or No If you choose No go to step 3 If you choose via DHCP go to step 4 and if you choose via PPP over Ethernet go to step 5 If you choose via PPTP go to step 6 Step 3 If you choose No for the selection of Obtain IP Address Automatically The following screen will be displayed Enter the follow...

Page 22: ...ry DNS IP Address the IP Address of your Primary DNS Secondary DNS IP Address the IP Address of your Secondary DNS Step 4 If you choose via DHCP for the selection of Obtain IP Address Automatically The following screen will be displayed Enter the following information and then Click Apply Profile Name the name that you will use to identify this Internet acce ss profile Optional Host Name System Na...

Page 23: ...heck with your ISP to see if they use PPPoE ISP Account Name the username of your ISP account ISP Account Password the password of your ISP account Optional Service Name Enter the Service Name provided by your ISP if it is required Optional Access Concentrator Name Enter the Access Concentrator Name provided by your ISP if it is required Idle Timeout 0 3600 seconds The default value of the idle ti...

Page 24: ...dress IP address of SMC7301TA router for the PPTP connection Consult your ISP for this information PPTP IP Netmask IP network mask for the PPTP Tunnel Consult your ISP for this information PPTP Remote IP Address IP address of the broadband modem for the PPTP Tunnel Consult your ISP for this information ISP Account Name the username of your ISP account ISP Account Password the password of your ISP ...

Page 25: ... the Obtain IP Address Automatically field Basic Internet Access Configuration via ISDN This section describes the steps require d for Basic Internet Access via ISDN When you apply for an account with your Internet Service Provider ISP you will be given the necessary information including your account name account password and the ISP s local access ISDN telephone number Have these available and t...

Page 26: ...er of your ISP ISP Account Name the username of your ISP account ISP Account Password the password of your ISP account Step 7 Click Apply and Test Note When you click Apply and Test the SMC7301TA attempts to place a call to your Internet Service Provider Watch the Message window for any messages If the test is successful your users will be ready to access the Internet If not the SMC7301TA will try...

Page 27: ...completing basic Internet access configur ations via ISDN now you can set advanced ISDN Configuration if you go back to the Broadband Router Manager screen and select Internet Access with Advanced Configuration Step 1 After entering the following parameters as the way descr ibed in the previous section click Advanced Step 2 The following configuration window will appear ...

Page 28: ...are Data Over Voice Channel 64K 56K and Auto Recommended selection is Auto Step 5 Enter Remote Sub Address Number if necessary Step 6 Select STAC compression option Step 7 Set Idle Timeout number The range is from 0 to 3600 seconds Step 8 Select Advice of Charge Support option and enter the Unit Price and Currency in the corresponding blanks if the selection is Yes Step 9 Click OK to return to the...

Page 29: ...e Internet should configure their PCs or workstations in the way described in Chapter 2 Then they must reboot their workstations in order to update them with information that the SMC7301TA learned from the ISP during the Apply and Test operation IP Configuration for Internet Access Using the IP option in the Menu Window you can assign a public IP address to the SMC7301TA modify the private IP addr...

Page 30: ...IP address is 192 168 2 1 If you want to create your own private network through other SMC7301TA with remote offices you need to make sure that each SMC7301TA on each LAN is assigned a unique private IP net work address However please note that once you change the private IP address such as from the default of 192 168 2 1 to 192 168 1 1 either from the browser or through a telnet session which is ...

Page 31: ...he SMC7301TA to act as a DHCP server and assigns private IP addresses to any requestin g DHCP client make sure DHCP is enabled When enabled the SMC7301TA will provide an IP address network mask gateway address SMC7301TA s private IP address and DNS addresses to any workstations on the local area network that are configured as a DHCP client Devices on your network that are configured with public IP...

Page 32: ...order to reach its final destination If this value is zero the destination is in a network directly attached to this router such as a LAN If no match is found with a destination network then a special entry called the Default IP Route is used This normally is set to a path where another router can be reached that has additional information about other networks not known to the Broadband Router suc...

Page 33: ...emote IP netmask fields do not appear if you select this option CAUTION Misconfiguring the default route may result in abnormal system behavior and or unnecessary telephone charges Static Route select if you want to add a static route Remote IP Address the remote IP address of the new route Remote IP Netmask the IP netmask of the new route Gateway identifies if the gateway is an IP address or inte...

Page 34: ...te IP address mapped to port 21 Follow the steps and the SMC7301TA will automatically complete the mapping procedure Note Remember to set a fixed private IP address for each server providing services to the Internet users i e these servers can t be DHCP clients Add or Edit an IP Address Translation Step 1 Click Address Translation button in the Advanced Internet Access Setup screen The following I...

Page 35: ...rver provides Public Port Number and Private Port Number should be the same Step 4 Click Apply Delete an IP Address Translation Step 1 Select the IP address translation that you want to delete from the IP Address Translation Configuration screen Step 2 Click Edit Static DHCP Configuration By the built in DHCP feature the SMC7301TA can automatically assign a private IP address to each PC or worksta...

Page 36: ...tup Screen The following screen will appear Step 2 Click Add for adding a static private IP address or click Edit for editing an existing static private IP address afte r selecting a new static private IP address The following screen will appear Name A name is assigned for router manager identification purpose IP Address The static private IP address that you want to assign MAC Address The MAC add...

Page 37: ...37 Step 3 Click Apply Delete a Static Private IP address Step 1 Select a static private IP address that you want to delete form the DHCP Configuration window Step 2 Click Delete ...

Page 38: ...ation of SMC7301TA matches the requirements of the remote site Remote Office Access by ISDN To configuring the ISDN interface for Remote Office connectivity follow these steps Step 1 Select Access to from Remote Site in the Broadband Router Manager screen and click Next Step 2 If you have already configured your ISDN interface skip to Step 3 Otherwise configure your ISDN interface in the way descr...

Page 39: ... System Password fields will not display unless Call Back is Yes If only incoming calls are allowed with this profile the APPLY and TEST button will not display If you set Call Direction to Outgoing the Call Back fields will not display Call Back if Call Back is enabled Yes is selected the SMC7301TA checks the Remote System Name and Remote Password If a call is received and authentication succeeds...

Page 40: ...CHAP fails then PAP will be used If PAP fails again then MS CHAP will be used Step 6 If you selected Outgoing or Both as your Call Direction click APPLY and TEST or select ADVANCED for more options You must still click Apply and Test even if the other end of the connection has not been configured In this case the test will fail but that can be considered normal Note When you click APPLY and TEST t...

Page 41: ...ieve higher throughput and compressed incoming data to be recognized The ability to use compression depends on the capabilities of the ISP Idle Timeout the number of seconds of inactivity over the connection When this value is reached SMC7301TA will disconnect the call You can set the idle timeout from 0 to 3600 seconds The default setting is 120 seconds If you select 0 the connection will never b...

Page 42: ... and only bring up the other B channel if the traffic increases beyond the capacity of the first B channel Always two B Channels SMC7301TA will always use both B chan nels regardless of traffic Depending on the selection of the ISDN link usage the following options may be offered Upper utilization threshold determines when the SMC7301TA will activate the second B channel Lower utilization threshol...

Page 43: ...he SMC7301TA attempts to place a call to your remote site and log in Watch the Message Window for any progress messages After the test is successful the SMC7301TA will disconnect from your remote site If it is not successful you can make any necessary changes based on progress messages that appear in the message window and try again Deleting Remote Office Access Profile Follow the steps to delete ...

Page 44: ...44 Step 2 Highlight the entry in the list you want to delete and click Delete ...

Page 45: ...rs Configuring a Dial in User Profile Step 1 Select Dial in Access for Off Site Users in the Broadband Router Manager screen Step 2 Select Connection Profiles from the Menu Window Information about each dial in user who is allowed to access is stored in a connection profile When you select Connection Profiles the Connection Profile Summary screen appears only if there is any existing Connection Pr...

Page 46: ...n user and dial the remote user s call back number to reconnect User Name the name of the remote system s user name th at will dial in This field is case sensitive User Password the password associated with the user name above This field is case sensitive Note Authentication means that CHAP will be used first to authenticate the incoming call If CHAP fails then PAP will be used to authenticate the...

Page 47: ...n set the idle timeout from 0 to 3600 seconds The default setting is 120 seconds If you select 0 the connection will never time out Enable IP select Yes to enable IP routing over a connection using this profile Step 7 Click OK to return to the previous screen and click APPLY to add the connection profile to the SMC7301TA s database Otherwise click Multilink if advanced configuration is required fo...

Page 48: ... channel call Optional 2nd Call Back Number Enter another call back number if necessary Step 8 Click OK to return to the previous screen and click OK again to return to the Connection Profile Configuration screen Click Apply to add the connection profile to SMC7301TA s database Deleting Dial in User Profiles Follow the steps to delete a Dial in User Connection Profile Step 1 Select Connection Prof...

Page 49: ...e versa This feature has proven to be useful and effective to most users However for some users additional security requirements may exist which can be satisfied by this packet filtering feature Packet filtering is a security feature that allows you to s electively pass or throw away data traffic between your local LAN and the wide area network For example the Internet Specifically it allows you t...

Page 50: ...ring requirements are 1 I want to block any outside user from being able to telnet into my web server 2 I want to disallow people in the manufacturing department to access the Internet The corresponding translated packet rules are 1 Remote devices with ANY IP address port number are disallowed to communicate with the local web server identified by its IP address and the HTTP port number over my In...

Page 51: ...or discarded as desired which is equivalent to allow and disallow respectively Step 3 If you are just starting click Add to add a new selection rule If you have previously defined rules you will see those rules shown as entries in the rule table and you can edit the rule by first highlighting the desired entry in the rule table followed by clicking the Edit button Step 4 In case of adding a new se...

Page 52: ...ending IP address Local Port the port number s of the local devices this new rule will apply to Remote IP Address the IP address es of the remote devices this new rule will apply to You can select a single IP address a range of IP addresses a network or any IP addresses The screen may change to show fields you need to fill out accordingly For example if you select range you will also see From and ...

Page 53: ... Manager password How to configure general system settings How to use Command Line Interface How to View the Connection Log The SMC7301TA provides a connection log that you can use to track the telephone connections in and out of your SMC7301TA Connect and disconnect messages can be useful in determining your telephone costs and trigger messages are useful in determining which applications and tas...

Page 54: ...onnection How to Upgrade the SMC7301TA Firmware You can also upgrade your SMC7301TA firmware the software that controls the router s operations Normally this is done when you discover a problem which is resolved in a different version o f firmware or when SMC produces a new software version that contains new features that you need Otherwise if you are happy with your current unit you may not want ...

Page 55: ...tem to have the new firmware take effect How to Save or Clear Configuration Changes Every 30 minutes the SMC7301TA automatically saves configuration changes that are unsaved You can use the Configuration Data Options from System Tools Menu to manually save changes or clear the configuration completely You should do this after every configuration action Step 1 Select Configuration Data Options from...

Page 56: ...p 2 Click YES to reset the SMC7301TA Note Resetting the SMC7301TA will disconnect any active calls and may disrupt current user operations You may also lose recen t configuration changes those that have been made within the last 30 minutes unless you manually save the configuration see the previous section All saved configuration changes are restored after the system re initializes How to Change t...

Page 57: ...sword If you forget the Broadband Router Manager password the only way to recover it is to clear the entire configuration and return the u nit to its original state as shipped from the factory Unfortunately this means that you have to re enter all of your configuration data To clear the configuration and restore the password to the default follow these steps Step 1 Using the supplied Null Modem Ca...

Page 58: ...network Make sure physical access to the SMC7301TA is consistent with your security requirements How to Configure General System Settings To view or change general system settings select System from the Configuration Menu The following screen displays Step 1 Enter the following information System Uptime the elapsed time since the SMC7301TA was powered on System Name a unique name that you assign t...

Page 59: ...ough the Console Port Another way to invoke the command line interface is to connect the console port on the SMC7301TA to a PC running the terminal software In the box you ll find a null modem cable that you can use to connect your PC usually the COM2 port to the SMC7301TA console port Connect to the CLI with a termina l program such as Hypercritical or Proclaim Set your COM port parameters to 192...

Page 60: ...60 Command ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands